Apple released updates across eight product lines with several having more than a dozen issues addressed.
Apple does not rate the severity
of each vulnerability, but does break them all down for its users.
One batch of 13
vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5 . Five
of these enabling an attacker to execute code if exploited.
iOS 13.4 and iPadOS 13.4 with 30 CVEs had the most vulnerabilities patched with Sophos noting Kernel bugs CVE-2020-9785 and CVE-2020-3919 and CVE-2020-3914 are particularly dangerous and require immediate patching. It also included in this category Webkit vulnerability CVE-2020-3899, that can allow arbitrary code execution.
The remaining updates
- Safari 13 had 11
vulnerabilities patched five that could result in code execution.
- watchOS 6.2 covered 17 CVEs
four or which could allow an attacker to execute arbitrary code with kernel privileges.
- tvOS 13.4 had 20 issues
covered, two of which could allow someone to read restricted memory.
Catalina 10.15.4 had 27 patches rolled out six that could result in arbitrary
- Xcode 11.4 also had an update but as per Apple policy it will
not disclose the details or confirm security issues until an investigation has
occurred and patches or releases are available.